a proposal for Samba 3.5
Richard Sharpe
rsharpe at richardsharpe.com
Mon Apr 19 17:37:54 GMT 2004
On Mon, 19 Apr 2004, Jean-Baptiste Marchand wrote:
> * Richard Sharpe <rsharpe at richardsharpe.com> [16/04/04 - 20:50]:
>
> > Yes. Unfortunately, Jean-Baptiste conflated two groups of users. I agree
> > that functions useful to sys admins belongs in the net command.
>
> True, penetration testers and system administrators do not really have
> the same requirements...
>
> However, I still think that an interactive command-line tool such as
> rpcclient is very useful to system administrators, in addition to the
> net command.
>
> For instance, the Samba-TNG version of rpcclient supports some useful
> commands that supports the following MSRPC interface:
>
> eventlog (remote Windows eventlog manipulation)
> svcctl (remote Windows services administration)
>
> My feeling is that the net command supports commands for domain-oriented
> administrative tasks but not for general Windows system administration
> tasks such as reading the eventlog, starting a Windows service and so
> on...
This seems true ...
> > I don't think that those functions that are useful to penetration testers
> > belong in the net command at all. These things belong in rpctorture or
> > should be part of a toolkit that allow penetration testers to test the
> > corner cases and extremes of individual RPC interfaces.
>
> I was not referring to vulnerability research in RPC interfaces when I
> mentionned penetration testers.
OK, my mistake.
> I was thinking about rpcclient commands that are useful to discover
> internals of Windows domains (typically, commands that send operations
> to the samr, lsarpc,... interfaces).
Not sure what we would call it though? rpcclient? :-)
Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
More information about the samba-technical
mailing list